You are here: Re: output escaping problem « All PHP « IT news, forums, messages
Re: output escaping problem

Posted by charlespb69 on 08/15/07 00:40

On Aug 13, 6:29 am, Rik <luiheidsgoe...@hotmail.com> wrote:
> On Mon, 13 Aug 2007 15:12:15 +0200, Pugi! <pugin...@gmail.com> wrote:
> > Before I save input from a form to a database I use (after input
> > filtering) mysql_real_escape_string.
> > This means that blabla 'blabla' ... -> blabbla \'blabla\' ...
>
> No, it means the characters that need escaping are escaped when inserting
> in the database, so the data in the database is _the_same_ as your
> original string. Unless somthing like magic_quotes_gpc() is enabled, in
> which case you should use stripslashes() on the string before using
> mysql_real_escape_string() on it.
>
> > To display this data from database in browser, I use stripslashes and
> > htmlentities.
> > So far so good.
>
> Nope, just drop the stripslashes.
> --
> Rik Wasmus

When using mysql_real_escape_string you don't need to use stripslashes

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация